IPv6 over BLUETOOTH(R) Low Energy
draft-ietf-6lo-btle-13
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7668.
|
|
|---|---|---|---|
| Authors | Johanna Nieminen , Teemu Savolainen , Markus Isomaki , Basavaraj Patil , Zach Shelby , Carles Gomez | ||
| Last updated | 2015-06-09 (Latest revision 2015-05-25) | ||
| Replaces | draft-ietf-6lowpan-btle | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews |
GENART Last Call review
by Elwyn Davies
Almost ready
SECDIR Last Call review
by Chris Lonvick
Has issues
|
||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Gabriel Montenegro | ||
| Shepherd write-up | Show Last changed 2015-02-27 | ||
| IESG | IESG state | Became RFC 7668 (Proposed Standard) | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Brian Haberman | ||
| IESG note | ** No value found for 'doc.notedoc.note' ** | ||
| Send notices to | draft-ietf-6lo-btle@ietf.org, 6lo-chairs@ietf.org, Gabriel.Montenegro@microsoft.com, draft-ietf-6lo-btle.ad@ietf.org, draft-ietf-6lo-btle.shepherd@ietf.org | ||
| IANA | IANA review state | IANA OK - No Actions Needed |
draft-ietf-6lo-btle-13
6Lo Working Group J. Nieminen
Internet-Draft T. Savolainen
Intended status: Standards Track M. Isomaki
Expires: November 23, 2015 Nokia
B. Patil
AT&T
Z. Shelby
Arm
C. Gomez
Universitat Politecnica de Catalunya/i2CAT
May 22, 2015
IPv6 over BLUETOOTH(R) Low Energy
draft-ietf-6lo-btle-13
Abstract
Bluetooth Smart is the brand name for the Bluetooth low energy
feature in the Bluetooth specification defined by the Bluetooth
Special Interest Group. The standard Bluetooth radio has been widely
implemented and available in mobile phones, notebook computers, audio
headsets and many other devices. The low power version of Bluetooth
is a specification that enables the use of this air interface with
devices such as sensors, smart meters, appliances, etc. The low
power variant of Bluetooth is standardized since the revision 4.0 of
the Bluetooth specifications, although version 4.1 or newer is
required for IPv6. This document describes how IPv6 is transported
over Bluetooth low energy using 6LoWPAN techniques.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 23, 2015.
Nieminen, et al. Expires November 23, 2015 [Page 1]
Internet-Draft IPv6 over Bluetooth LE May 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology and Requirements Language . . . . . . . . . . 3
2. Bluetooth Low Energy . . . . . . . . . . . . . . . . . . . . 3
2.1. Bluetooth LE stack . . . . . . . . . . . . . . . . . . . 4
2.2. Link layer roles and topology . . . . . . . . . . . . . . 5
2.3. Bluetooth LE device addressing . . . . . . . . . . . . . 5
2.4. Bluetooth LE packets sizes and MTU . . . . . . . . . . . 6
3. Specification of IPv6 over Bluetooth Low Energy . . . . . . . 6
3.1. Protocol stack . . . . . . . . . . . . . . . . . . . . . 7
3.2. Link model . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.1. Stateless address autoconfiguration . . . . . . . . . 8
3.2.2. Neighbor discovery . . . . . . . . . . . . . . . . . 10
3.2.3. Header compression . . . . . . . . . . . . . . . . . 11
3.2.3.1. Remote destination example . . . . . . . . . . . 12
3.2.3.2. Example of registration of multiple-addresses . . 13
3.2.4. Unicast and Multicast address mapping . . . . . . . . 13
3.3. Subnets and Internet connectivity scenarios . . . . . . . 14
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
6. Additional contributors . . . . . . . . . . . . . . . . . . . 16
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 16
8.1. Normative References . . . . . . . . . . . . . . . . . . 16
8.2. Informative References . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction
Bluetooth low energy (LE) is a radio technology targeted for devices
that operate with coin cell batteries or minimalistic power sources,
which means that low power consumption is essential. Bluetooth LE is
Nieminen, et al. Expires November 23, 2015 [Page 2]
Internet-Draft IPv6 over Bluetooth LE May 2015
especially attractive technology for Internet of Things applications,
such as health monitors, environmental sensing, proximity
applications and many others.
Considering the potential for the exponential growth in the number of
sensors and Internet connected devices, IPv6 is an ideal protocol due
to the large address space it provides. In addition, IPv6 provides
tools for stateless address autoconfiguration, which is particularly
suitable for sensor network applications and nodes which have very
limited processing power or lack a full-fledged operating system.
RFCs 4944, 6282, and 6775 [RFC4944][RFC6282][RFC6775] specify the
transmission of IPv6 over IEEE 802.15.4. The Bluetooth LE link in
many respects has similar characteristics to that of IEEE 802.15.4
and many of the mechanisms defined for the IPv6 over IEEE 802.15.4
can be applied to the transmission of IPv6 on Bluetooth LE links.
This document specifies the details of IPv6 transmission over
Bluetooth LE links.
1.1. Terminology and Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
The terms 6LN, 6LR and 6LBR are defined as in [RFC6775], with an
addition that Bluetooth LE central and Bluetooth LE peripheral (see
Section 2.2) can both be either 6LN or 6LBR.
2. Bluetooth Low Energy
Bluetooth LE is designed for transferring small amounts of data
infrequently at modest data rates at a very low cost per bit.
Bluetooth Special Interest Group (Bluetooth SIG) has introduced two
trademarks, Bluetooth Smart for single-mode devices (a device that
only supports Bluetooth LE) and Bluetooth Smart Ready for dual-mode
devices (devices that support both Bluetooth and Bluetooth LE). In
the rest of the document, the term Bluetooth LE refers to both types
of devices.
Bluetooth LE was introduced in Bluetooth 4.0, enhanced in Bluetooth
4.1 [BTCorev4.1], and developed even further in successive versions.
Bluetooth SIG has also published Internet Protocol Support Profile
(IPSP) [IPSP], which includes Internet Protocol Support Service
(IPSS). The IPSP enables discovery of IP-enabled devices and
establishment of link-layer connection for transporting IPv6 packets.
IPv6 over Bluetooth LE is dependent on both Bluetooth 4.1 and IPSP
1.0 or newer.
Nieminen, et al. Expires November 23, 2015 [Page 3]
Internet-Draft IPv6 over Bluetooth LE May 2015
gt; -PANA/EAP
: *| | +-----------+: * -HIP
: *| | +-----------+: *
: *| +->| L2 |: * ## DTLS
: *| +-----------+: * .. OSCOAP
:+--------+ : *
:|Security| Configuration: * [] HIP,IKEv2
:|Service | Entity : * [] ESP/AH
:+--------+ : *
:........................: *
*
......................... * .........................
:+--------+ : * : +--------+:
:|Security| Node B : Secure * : Node A |Security|:
:|Service | : routing * : |Service |:
:+--------+ : framework * : +--------+:
: | +-----------+: | **** :+-----------+ |* :
: | +->|Application|:........|............:|Application|<*+* |* :
: | | +----##-----+: | :+----##-----+ |* |* :
: | | +----##-----+: | :+----##-----+ |* |* :
: | |->| Transport |#########|#############| Transport |<-|* |* :
: |__| +----[]-----+: ......|.......... :+----[]-----+ |*_|* :
: | +====[]=====+=====+===========+=====+====[]=====+ | * :
: |->|| Network |: : | Network | : :| Network ||<-| :
: | +|----------+: : +-----------+ : :+----------|+ | :
: | +|----------+: : +-----------+ : :+----------|+ | :
: +->|| L2 |: : | L2 | : :| L2 ||<-+ :
: +===========+=====+===========+=====+===========+ :
:.......................: :...............: :.......................:
Relationships between IP-based security protocols.
Figure 4
4.3. IoT Security Guidelines
Recent large scale Denial of Service (DoS) attacks on the Internet
Infrastructure from compromised IoT devices has prompted many
different standards bodies and consortia to provide guidelines for
developers and the Internet community at large to build secure IoT
Garcia-Morchon, et al. Expires March 14, 2018 [Page 19]
Internet-Draft IoT Security September 2017
devices and services. A subset of the different guidelines and
ongoing projects are as follows:
1. GSMA IoT security guidelines [GSMAsecurity]: GSMA has published
a set of security guidelines for the benefit of new IoT product
and service providers. The guidelines are aimed at device
manufacturers, service providers, developers and network
operators. An enterprise can complete an IoT Security Self-
Assessment to demonstrate that its products and services are
aligned with the security guidelines of the GSMA.
2. BITAG Internet of Things (IoT) Security and Privacy
Recommendations [BITAG]: Broadband Internet Technical Advisory
Group (BITAG) has also published recommendations for ensuring
security and privacy of IoT device users. BITAG observes that
many IoT devices are shipped from the factory with software that
is already outdated and vulnerable. The report also states that
many devices with vulnerabilities will not be fixed either
because the manufacturer does not provide updates or because the
user does not apply them. The recommendations include that IoT
devices should function without cloud and Internet connectivity,
and that all IoT devices should have methods for automatic
secure software updates.
3. CSA New Security Guidance for Early Adopters of the IoT [CSA]:
The Cloud Security Alliance (CSA) recommendations for early
adopters of IoT encourages enterprises to implement security at
different layers of the protocol stack. It also recommends
implementation of an authentication/authorization framework for
IoT deployments. A complete list of recommendations is
available in the report [CSA].
4. U.S. Department of Homeland Security [DHS]: DHS has put forth
six strategic principles that would enable IoT developers,
manufacturers, service providers and consumers to maintain
security as they develop, manufacture, implement or use network-
connected IoT devices.
5. NIST [NIST-Guide]: The NIST special publication urges enterprise
and US federal agencies to address security throughout the
systems engineering process. The publication builds upon the
ISO/IEC 15288 standard and augments each process in the system
lifecycle with security enhancements.
6. NIST [nist_lightweight_project]: NIST is running a project on
lightweight cryptography with the purpose of: (i) identifying
application areas for which standard cryptographic algorithms
are too heavy, classifying them according to some application
Garcia-Morchon, et al. Expires March 14, 2018 [Page 20]
Internet-Draft IoT Security September 2017
profiles to be determined; (ii) determining limitations in those
existing cryptographic standards; and (iii) standardizing
lightweight algorithms that can be used in specific application
profiles.
7. OWASP [OWASP]: Open Web Application Security Project (OWASP)
provides security guidance for IoT manufactures, developers and
consumers. OWASP also includes guidelines for those who intend
to test and analyze IoT devices and applications.
8. IoT Security foundation [IoTSecFoundation]: IoT security
foundation has published a document that enlists various
considerations that need to be taken into account when
developing IoT applications. For example, the document states
that IoT device could use hardware-root of trust to ensure that
only authorized software runs on the device.
9. NHTSA [NHTSA]: The US National Highway Traffic Safety
Administration provides a set of non-binding guidance to the
automotive industry for improving the cyber security of
vehicles. While some of the guidelines are general, the
document provides specific recommendations for the automotive
industry such as how various automotive manufacturer can share
cyber security vulnerabilities discovered.
10. Best Current Practices (BCP) for IoT devices [ID-Moore]: This
document provides a list of minimum requirements that vendors of
Internet of Things (IoT) devices should to take into account
while developing applications, services and firmware updates in
order to reduce the frequency and severity of security incidents
that arise from compromised IoT devices.
11. ENISA [ENISA_ICS]: The European Union Agency for Network and
Information Security published a document on communication
network dependencies for ICS/SCADA systems in which security
vulnerabilities, guidelines and general recommendations are
summarized.
Other guideline and recommendation documents may exist or may later
be published. This list should be considered non-exhaustive.
Despite the acknowledgment that security in the Internet is needed
and the existence of multiple guidelines, the fact is that many IoT
devices and systems have very limited security. There are multiple
reasons for this. For instance, some manufactures focus on
delivering a product without paying enough attention to security.
This may be because of lack of expertise or limited budget. However,
deployment of such insecure devices poses a severe threat. The vast
amount of devices and their inherent mobile nature also implies that
Garcia-Morchon, et al. Expires March 14, 2018 [Page 21]
Internet-Draft IoT Security September 2017
an initially secure system can become insecure if a compromised
device gains access to the system at some point in time. Even if all
other devices in a given environment are secure, it does not prevent
external (passive) attacks originating due to insecure devices.
Recently the Federal Communications Commission (FCC) [FCC] has stated
the need for additional regulation of IoT systems. FCC identifies
this as a missing component, especially for Federal Information
Systems (FIS). Today, security in the US FIS is regulated according
to Federal Information Security Management Act (FISMA). From this
law, NIST has derived a number of new documents to categorize FIS and
determine minimum security requirements for each category. These
minimum security requirements are specified in NIST SP 800-53r4
[NIST-SP80053].
Even with strong regulations in place, the question remains as to how
such regulations can be applied in practice to non-federal
deployments, such as industrial, homes, offices, or smart cites.
Each of them exhibits unique features, involves very diverse types of
users, has different operational requirements, and combines IoT
devices from multiple manufacturers. Future regulations should
therefore consider such diverse deployment scenarios.
5. Challenges for a Secure IoT
In this section, we take a closer look at the various security
challenges in the operational and technical features of IoT and then
discuss how existing Internet security protocols cope with these
technical and conceptual challenges through the lifecycle of a thing.
This discussion should neither be understood as a comprehensive
evaluation of all protocols, nor can it cover all possible aspects of
IoT security. Yet, it aims at showing concrete limitations of
existing Internet security protocols in some areas rather than giving
an abstract discussion about general properties of the protocols. In
this regard, the discussion handles issues that are most important
from the authors' perspectives.
5.1. Constraints and Heterogeneous Communication
Coupling resource-constrained networks and the powerful Internet is a
challenge because the resulting heterogeneity of both networks
complicates protocol design and system operation. In the following
we briefly discuss the resource constraints of IoT devices and the
consequences for the use of Internet Protocols in the IoT domain.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 22]
Internet-Draft IoT Security September 2017
5.1.1. Resource Constraints
IoT deployments are often characterized by lossy and low-bandwidth
communication channels. IoT devices are also often constrained in
terms of CPU, memory, and energy budget available [RFC7228]. These
characteristics directly impact the threats to and the design of
security protocols for the IoT domain. First, the use of small
packets, for example, IEEE 802.15.4 supports 127-byte sized packets
at the physical layer, may result in fragmentation of larger packets
of security protocols. This may open new attack vectors for state
exhaustion DoS attacks, which is especially tragic, for example, if
the fragmentation is caused by large key exchange messages of
security protocols. Moreover, packet fragmentation commonly
downgrades the overall system performance due to fragment losses and
the need for retransmissions. For instance, fate-sharing packet
flight as implemented by DTLS might aggravate the resulting
performance loss.
The size and number of messages should be minimized to reduce memory
requirements and optimize bandwidth usage. In this context, layered
approaches involving a number of protocols might lead to worse
performance in resource-constrained devices since they combine the
headers of the different protocols. In some settings, protocol
negotiation can increase the number of exchanged messages. To
improve performance during basic procedures such as, for example,
bootstrapping, it might be a good strategy to perform those
procedures at a lower layer.
Small CPUs and scarce memory limit the usage of resource-expensive
crypto primitives such as public-key cryptography as used in most
Internet security standards. This is especially true if the basic
crypto blocks need to be frequently used or the underlying
application demands a low delay.
Independently from the development in the IoT domain, all discussed
security protocols show efforts to reduce the cryptographic cost of
the required public-key-based key exchanges and signatures with
Elliptic Curve Cryptography (ECC) [RFC5246], [RFC5903], [RFC7401],
and [ID-HIP-DEX]. Moreover, all protocols have been revised in the
last years to enable crypto agility, making cryptographic primitives
interchangeable. However, these improvements are only a first step
in reducing the computation and communication overhead of Internet
protocols. The question remains if other approaches can be applied
to leverage key agreement in these heavily resource-constrained
environments.
A further fundamental need refers to the limited energy budget
available to IoT nodes. Careful protocol (re)design and usage is
Garcia-Morchon, et al. Expires March 14, 2018 [Page 23]
Internet-Draft IoT Security September 2017
required to reduce not only the energy consumption during normal
operation, but also under DoS attacks. Since the energy consumption
of IoT devices differs from other device classes, judgments on the
energy consumption of a particular protocol cannot be made without
tailor-made IoT implementations.
5.1.2. Denial-of-Service Resistance
The tight memory and processing constraints of things naturally
alleviate resource exhaustion attacks. Especially in unattended T2T
communication, such attacks are difficult to notice before the
service becomes unavailable (for example, because of battery or
memory exhaustion). As a DoS countermeasure, DTLS, IKEv2, HIP, and
Diet HIP implement return routability checks based on a cookie
mechanism to delay the establishment of state at the responding host
until the address of the initiating host is verified. The
effectiveness of these defenses strongly depend on the routing
topology of the network. Return routability checks are particularly
effective if hosts cannot receive packets addressed to other hosts
and if IP addresses present meaningful information as is the case in
today's Internet. However, they are less effective in broadcast
media or when attackers can influence the routing and addressing of
hosts (for example, if hosts contribute to the routing infrastructure
in ad-hoc networks and meshes).
In addition, HIP implements a puzzle mechanism that can force the
initiator of a connection (and potential attacker) to solve
cryptographic puzzles with variable difficulties. Puzzle-based
defense mechanisms are less dependent on the network topology but
perform poorly if CPU resources in the network are heterogeneous (for
example, if a powerful Internet host attacks a thing). Increasing
the puzzle difficulty under attack conditions can easily lead to
situations where a powerful attacker can still solve the puzzle while
weak IoT clients cannot and are excluded from communicating with the
victim. Still, puzzle-based approaches are a viable option for
sheltering IoT devices against unintended overload caused by
misconfiguration or malfunctioning things.
5.1.3. End-to-end security, protocol translation, and the role of
middleboxes
The term end-to-end security often has multiple interpretations.
Here, we consider end-to-end security in the context end-to-end IP
connectivity, from a sender to a receiver. For providing end-to-end
security services such as confidentiality and integrity protection on
packet data, message authentication codes or encryption is typically
used. These protection methods render the protected parts of the
packets immutable as rewriting is either not possible because a) the
Garcia-Morchon, et al. Expires March 14, 2018 [Page 24]
Internet-Draft IoT Security September 2017
relevant information is encrypted and inaccessible to the gateway or
b) rewriting integrity-protected parts of the packet would invalidate
the end-to-end integrity protection.
Protocols for constrained IoT networks are not exactly identical to
their larger Internet counterparts for efficiency and performance
reasons. Hence, more or less subtle differences between protocols
for constrained IoT networks and Internet protocols will remain.
While these differences can be bridged with protocol translators at
middleboxes, they may become major obstacles if end-to-end security
measures between IoT devices and Internet hosts are needed.
If access to data or messages by the middleboxes is required or
acceptable, then a diverse set of approaches for handling such a
scenario are available. Note that some of these approaches affect
the meaning of end-to-end security in terms of integrity and
confidentiality since the middleboxes will be able to either decrypt
or modify partially the exchanged messages:
1. Sharing credentials with middleboxes enables them to transform
(for example, decompress, convert, etc.) packets and re-apply the
security measures after transformation. This method abandons
end-to-end security and is only applicable to simple scenarios
with a rudimentary security model.
2. Reusing the Internet wire format for IoT makes conversion between
IoT and Internet protocols unnecessary. However, it can lead to
poor performance in some use cases because IoT specific
optimizations (for example, stateful or stateless compression)
are not possible.
3. Selectively protecting vital and immutable packet parts with a
MAC or with encryption requires a careful balance between
performance and security. Otherwise this approach might either
result in poor performance or poor security depending on which
parts are selected for protection, where they are located in the
original packet, and how they are processed. [ID-OSCOAP]
proposes a solution in this direction by encrypting and integrity
protecting most of the message except those parts that a
middlebox needs to read or change.
4. Homomorphic encryption techniques can be used in the middlebox to
perform certain operations. However, this is limited to data
processing involving arithmetic operations. Furthermore,
performance of existing libraries, for example, SEAL [SEAL] is
still limited to be widely applicable.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 25]
Internet-Draft IoT Security September 2017
5. Message authentication codes that sustain transformation can be
realized by considering the order of transformation and
protection (for example, by creating a signature before
compression so that the gateway can decompress the packet without
recalculating the signature). Such an approach enables IoT
specific optimizations but is more complex and may require
application-specific transformations before security is applied.
Moreover, the usage of encrypted or integrity-protected data
prevents middleboxes from transforming packets.
6. Object security based mechanisms can bridge the protocol worlds,
but still require that the two worlds use the same object
security formats. Currently the object security format based on
CBOR Object Signing and Encryption (COSE) [RFC8152] (IoT
protocol) is different from JSON Object Signing and Encryption
(JOSE) [RFC7520] or Cryptographic Message Syntax (CMS) [RFC5652].
Legacy devices relying on traditional Internet protocols will
need to update to the newer protocols for constrained
environments to enable real end-to-end security. Furthermore,
middleboxes do not have any access to the data and this approach
does not prevent an attacker from modifying relevant fields in
CoAP.
To the best of our knowledge, none of the mentioned security
approaches that focus on the confidentiality and integrity of the
communication exchange between two IP end-points provide the perfect
solution in this problem space.
We finally note that end-to-end security can also be considered in
the context of availability: making sure that the messages are
delivered. In this case, the end-points cannot control this, but the
middleboxes play a fundamental role to make sure that exchanged
messages are not dropped, for example, due to a DDoS attack.
5.1.4. New network architectures and paradigm
There is a multitude of new link layer protocols that aim to address
the resource-constrained nature of IoT devices. For example, the
IEEE 802.11 ah [IEEE802ah] has been specified for extended range and
lower energy consumption to support Internet of Things (IoT) devices.
Similarly, Low-Power Wide-Area Network (LPWAN) protocols such as LoRa
[lora], Sigfox [sigfox], NarrowBand IoT (NB-IoT) [nbiot] are all
designed for resource-constrained devices that require long range and
low bit rates. While these protocols allow IoT devices to conserve
energy and operate efficiently, they also add additional security
challenges. For example, the relatively small MTU can make security
handshakes with large X509 certificates a significant overhead. At
the same time, new communication paradigms also allow IoT devices to
Garcia-Morchon, et al. Expires March 14, 2018 [Page 26]
Internet-Draft IoT Security September 2017
communicate directly amongst themselves with or without support from
the network. This communication paradigm is also referred to as
Device-to-Device (D2D) or Machine-to-Machine (M2M) or Thing-to-Thing
(T2T) communication. D2D is primarily driven by network operators
that want to utilize short range communication to improve the network
performance and for supporting proximity based service
5.2. Bootstrapping of a Security Domain
Creating a security domain from a set of previously unassociated IoT
devices is a key operation in the lifecycle of a thing in an IoT
network. This aspect is further elaborated and discussed in the
T2TRG draft on bootstrapping [ID-bootstrap].
5.3. Operational Challenges
After the bootstrapping phase, the system enters the operational
phase. During the operational phase, things can use the state
information created during the bootstrapping phase in order to
exchange information securely. In this section, we discuss the
security challenges during the operational phase. Note that many of
the challenges discussed in Section 5.1 apply during the operational
phase.
5.3.1. Group Membership and Security
Group key negotiation is an important security service for
communication patterns in IoT. All discussed protocols only cover
unicast communication and therefore, do not focus on group-key
establishment. This applies in particular to (D)TLS and IKEv2.
Thus, a solution is required in this area. A potential solution
might be to use the Diffie-Hellman keys - that are used in IKEv2 and
HIP to setup a secure unicast link - for group Diffie-Hellman key-
negotiations. However, Diffie-Hellman is a relatively heavy
solution, especially if the group is large.
Conceptually, solutions that provide secure group communication at
the network layer (IPsec/IKEv2, HIP/Diet HIP) may have an advantage
in terms of the cryptographic overhead when compared to application-
focused security solutions (TLS/ DTLS). This is due to the fact that
application-focused solutions require cryptographic operations per
group application, whereas network layer approaches may allow sharing
of secure group associations between multiple applications (for
example, for neighbor discovery and routing or service discovery).
Hence, implementing shared features lower in the communication stack
can avoid redundant security measures. In the case of OSCOAP, it
provides security for CoAP group communication as defined in RFC7390,
i.e., based on multicast IP. If the same security association is
Garcia-Morchon, et al. Expires March 14, 2018 [Page 27]
Internet-Draft IoT Security September 2017
reused for each application, then this solution does not seem to have
more cryptographic overhead compared to IPsec.
Several group key solutions have been developed by the MSEC working
group [WG-MSEC] of the IETF. The MIKEY architecture [RFC4738] is one
example. While these solutions are specifically tailored for
multicast and group broadcast applications in the Internet, they
should also be considered as candidate solutions for group key
agreement in IoT. The MIKEY architecture for example describes a
coordinator entity that disseminates symmetric keys over pair-wise
end-to-end secured channels. However, such a centralized approach
may not be applicable in a distributed IoT environment, where the
choice of one or several coordinators and the management of the group
key is not trivial.
5.3.2. Mobility and IP Network Dynamics
It is expected that many things (for example, wearable sensors, and
user devices) will be mobile in the sense that they are attached to
different networks during the lifetime of a security association.
Built-in mobility signaling can greatly reduce the overhead of the
cryptographic protocols because unnecessary and costly re-
establishments of the session (possibly including handshake and key
agreement) can be avoided. IKEv2 supports host mobility with the
MOBIKE [RFC4555] and [RFC4621] extension. MOBIKE refrains from
applying heavyweight cryptographic extensions for mobility. However,
MOBIKE mandates the use of IPsec tunnel mode which requires to
transmit an additional IP header in each packet. This additional
overhead could be alleviated by using header compression methods or
the Bound End- to-End Tunnel (BEET) mode [ID-Nikander], a hybrid of
tunnel and transport mode with smaller packet headers.
HIP offers a simple yet effective mobility management by allowing
hosts to signal changes to their associations [RFC8046]. However,
slight adjustments might be necessary to reduce the cryptographic
costs, for example, by making the public-key signatures in the
mobility messages optional. Diet HIP does not define mobility yet
but it is sufficiently similar to HIP and can use the same
mechanisms. TLS and DTLS do not have native mobility support,
however, work on DTLS mobility exists in the form of an Internet
draft [ID-Williams]. The specific need for IP-layer mobility mainly
depends on the scenario in which the nodes operate. In many cases,
mobility supported by means of a mobile gateway may suffice to enable
mobile IoT networks, such as body sensor networks.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 28]
Internet-Draft IoT Security September 2017
5.4. Software update
IoT devices have a reputation for being insecure, and yet, they are
expected to stay functional in live deployments for years and even
decades. Additionally, these devices typically operate unattended
with direct Internet connectivity. Therefore, a remote software
update mechanism to fix vulnerabilities, to update configuration
settings, and for adding new functionality is needed.
Schneier [SchneierSecurity] in his essay expresses concerns about the
status of software and firmware update mechanisms for Internet of
Things (IoT) devices. He highlights several challenges that hinder
mechanisms for secure software update of IoT devices. First, there
is a lack of incentives for manufactures, vendors and others on the
supply chain to issue updates for their devices. Second, parts of
the software running on IoT devices is simply a binary blob without
any source code available. Since the complete source code is not
available, no patches can be written for that piece of code. Lastly
Schneier points out that even when updates are available, users
generally have to manually download and install them. However, users
are never alerted about security updates and at many times do not
have the necessary expertise to manually administer the required
updates.
The FTC staff report on Internet of Things - Privacy & Security in a
Connected World [FTCreport] and the Article 29 Working Party Opinion
8/2014 on the on Recent Developments on the Internet of Things
[Article29] also document the challenges for secure remote software
update of IoT devices. They note that even providing such a software
update capability may add new vulnerabilities for constrained
devices. For example, a buffer overflow vulnerability in the
implementation of a software update protocol (TR69) [TR69] and an
expired certificate in a hub device [wink] demonstrate how the
software update process itself can introduce vulnerabilities.
While powerful IoT devices that run general purpose operating systems
can make use of sophisticated software update mechanisms known from
the desktop world, a more considerate effort is needed for resource-
constrained devices that don't have any operating system and are
typically not equipped with a memory management unit or similar
tools.
It is important to mention previous and ongoing work in the area of
secure software and firmware updates at the IETF. [RFC4108]
describes how Cryptographic Message Syntax (CMS) [RFC5652] can be
used to protect firmware packages. The IAB has also organized a
workshop to understand the challenges for secure software update of
IoT devices. A summary of the workshop and the proposed next steps
Garcia-Morchon, et al. Expires March 14, 2018 [Page 29]
Internet-Draft IoT Security September 2017
have been documented [iotsu]. Finally, a new working group called
Firmware UpDate (fud) [WG-FUD] is currently being chartered at the
IETF. The working group aims to standardize a new version [RFC4108]
that reflects the best current practices for firmware update based on
experience with IoT deployments. It will specifically work on
describing an IoT firmware update architecture and specifying a
manifest format that contains meta-data about the firmware update
package.
5.5. Verifying device behavior
Users often have a false sense of privacy when using new Internet of
Things (IoT) appliances such as Internet-connected smart televisions,
speakers and cameras. Recent revelations have shown that this user
belief is often unfounded. Many IoT device vendors have been caught
collecting sensitive private data through these connected appliances
with or without appropriate user warnings [cctv].
An IoT device user/owner would like to monitor and verify its
operational behavior. For instance, the user might want to know if
the device is connecting to the server of the manufacturer for any
reason. This feature - connected to the manufacturer's server - may
be necessary in some scenarios, such as during the initial
configuration of the device. However, the user should be kept aware
of the data that the device is sending back to the vendor. For
example, the user might want to know if his/her TV is sending data
when he/she inserts a new USB stick.
Providing such information to the users in an understandable fashion
is challenging. This is because IoT devices are not only resource-
constrained in terms of their computational capability, but also in
terms of the user interface available. Also, the network
infrastructure where these devices are deployed will vary
significantly from one user environment to another. Therefore, where
and how this monitoring feature is implemented still remains an open
question.
Manufacturer Usage Description (MUD) files [ID-MUD] are perhaps a
first step towards implementation of such a monitoring service. The
idea behind MUD files is relatively simple: IoT devices would
disclose the location of their MUD file to the network during
installation. The network can then retrieve those files, and learn
about the intended behavior of the devices stated by the device
manufacturer. A network monitoring service could then warn the user/
owner of devices if they don't behave as expected.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 30]
Internet-Draft IoT Security September 2017
5.6. End-of-life
Like all commercial devices, most IoT devices will be end-of-lifed by
vendors or even network operators. This may be planned or unplanned
(for example when the vendor or manufacturer goes bankrupt or when a
network operator moves to a different type of networking technology).
A user should still be able to use and perhaps even update the
device. This requires for some form of authorization handover.
Although this may seem far-fetched given the commercial interests and
market dynamics, we have examples from the mobile world where the
devices have been functional and up-to-date long after the original
vendor stopped supporting the device. CyanogenMod for Android
devices, and OpenWrt for home routers are two such instances where
users have been able to use and update their devices even after they
were end-of-lifed. Admittedly these are not easy for an average
users to install and configure on their devices. With the deployment
of millions of IoT devices, simpler mechanisms are needed to allow
users to add new root-of-trusts and install software and firmware
from other sources once the device has been end-of-lifed.
5.7. Testing: bug hunting and vulnerabilities
Given that IoT devices often have inadvertent vulnerabilities, both
users and developers would want to perform extensive testing on their
IoT devices, networks, and systems. Nonetheless, since the devices
are resource-constrained and manufactured by multiple vendors, some
of them very small, devices might be shipped with very limited
testing, so that bugs can remain and can be exploited at a later
stage. This leads to two main types of challenges:
1. It remains to be seen how the software testing and quality
assurance mechanisms used from the desktop and mobile world will
be applied to IoT devices to give end users the confidence that
the purchased devices are robust.
2. It is also an open question how the combination of devices from
multiple vendors might actually lead to dangerous network
configurations, for example, if combination of specific devices
can trigger unexpected behavior.
5.8. Quantum-resistance
Many IoT systems that are being deployed today will remain
operational for many years. With the advancements made in the field
of quantum computers, it is possible that large-scale quantum
computers are available in the future for performing cryptanalysis on
existing cryptographic algorithms and cipher suites. If this
Garcia-Morchon, et al. Expires March 14, 2018 [Page 31]
Internet-Draft IoT Security September 2017
happens, it will have two consequences. First, functionalities
enabled by means of RSA/ECC - namely key exchange, public-key
encryption and signature - would not be secure anymore due to Shor's
algorithm. Second, the security level of symmetric algorithms will
decrease, for example, the security of a block cipher with a key size
of b bits will only offer b/2 bits of security due to Grover's
algorithm.
The above scenario becomes more urgent when we consider the so called
"harvest and decrypt" attack in which an attacker can start to
harvest (store) encrypted data today, before a quantum-computer is
available, and decrypt it years later, once a quantum computer is
available.
This situation would require us to move to quantum-resistant
alternatives, in particular, for those functionalities involving key
exchange, public-key encryption and signatures. [ID-c2pq] describes
when quantum computers may become widely available and what steps are
necessary for transition to cryptographic algorithms that provide
security even in presence of quantum computers. While future
planning is hard, it may be a necessity in certain critical IoT
deployments which are expected to last decades or more. Although
increasing the key-size of the different algorithms is definitely an
option, it would also incur additional computational overhead and
network traffic. This would be undesirable in most scenarios. There
have been recent advancements in quantum-resistant cryptography.
We refer to [ETSI_GR_QSC_001] for an extensive overview of existing
quantum-resistant cryptography. [RFC7696] provides guidelines for
cryptographic algorithm agility.
5.9. Privacy protection
Users will be surrounded by hundreds of connected devices. Even if
the communication links are encrypted and protected, information
about the users might be collected for different purposes affecting
their privacy. In [Ziegeldorf], privacy in IoT is defined as the
threefold guarantee to the user for: 1. awareness of privacy risks
imposed by smart things and services surrounding the data subject, 2.
individual control over the collection and processing of personal
information by the surrounding smart things, 3. awareness and control
of subsequent use and dissemination of personal information by those
entities to any entity outside the subject's personal control sphere.
Based on this definition, several privacy threats and challenges have
been documented [Ziegeldorf] and [RFC6973]:
Garcia-Morchon, et al. Expires March 14, 2018 [Page 32]
Internet-Draft IoT Security September 2017
Devices such as mobile phones, notebooks, tablets and other handheld
computing devices which will include Bluetooth 4.1 chipsets will also
have the low-energy functionality of Bluetooth. Bluetooth LE will
also be included in many different types of accessories that
collaborate with mobile devices such as phones, tablets and notebook
computers. An example of a use case for a Bluetooth LE accessory is
a heart rate monitor that sends data via the mobile phone to a server
on the Internet.
2.1. Bluetooth LE stack
The lower layer of the Bluetooth LE stack consists of the Physical
(PHY), the Link Layer (LL), and a test interface called the Direct
Test Mode (DTM). The Physical Layer transmits and receives the
actual packets. The Link Layer is responsible for providing medium
access, connection establishment, error control and flow control.
The Direct Test Mode is only used for testing purposes. The upper
layer consists of the Logical Link Control and Adaptation Protocol
(L2CAP), Attribute Protocol (ATT), Security Manager (SM), Generic
Attribute Profile (GATT) and Generic Access Profile (GAP) as shown in
Figure 1. The device internal Host Controller Interface (HCI)
separates the lower layers, often implemented in the Bluetooth
controller, from higher layers, often implemented in the host stack.
GATT and Bluetooth LE profiles together enable the creation of
applications in a standardized way without using IP. L2CAP provides
multiplexing capability by multiplexing the data channels from the
above layers. L2CAP also provides fragmentation and reassembly for
large data packets. The Security Manager defines a protocol and
mechanisms for pairing, key distribution and a security toolbox for
the Bluetooth LE device.
+-------------------------------------------------+
| Applications |
+---------------------------------------+---------+
| Generic Attribute Profile | Generic |
+--------------------+------------------+ Access |
| Attribute Protocol | Security Manager | Profile |
+--------------------+------------------+---------+
| Logical Link Control and Adaptation Protocol |
- - -+-----------------------+-------------------------+- - - HCI
| Link Layer | Direct Test Mode |
+-------------------------------------------------+
| Physical Layer |
+-------------------------------------------------+
Figure 1: Bluetooth LE Protocol Stack
Nieminen, et al. Expires November 23, 2015 [Page 4]
Internet-Draft IPv6 over Bluetooth LE May 2015
As shown in Section 3.1, IPv6 over Bluetooth LE requires an adapted
6LoWPAN layer which runs on top of Bluetooth LE L2CAP.
2.2. Link layer roles and topology
Bluetooth LE defines two GAP roles of relevance herein: the Bluetooth
LE central role and the Bluetooth LE peripheral role. A device in
the central role, which is called central from now on, has
traditionally been able to manage multiple simultaneous connections
with a number of devices in the peripheral role, called peripherals
from now on. A peripheral is commonly connected to a single central,
but since Bluetooth 4.1 can also connect to multiple centrals. In
this document for IPv6 networking purposes the Bluetooth LE network
(i.e. a Bluetooth LE piconet) follows a star topology shown in the
Figure 2, where the router typically implements the Bluetooth LE
central role and nodes implement the Bluetooth LE peripheral role.
In the future mesh networking may be defined for IPv6 over Bluetooth
LE.
Peripheral --. .-- Peripheral
\ /
Peripheral ---- Central ---- Peripheral
/ \
Peripheral --' '-- Peripheral
Figure 2: Bluetooth LE Star Topology
In Bluetooth LE, direct wireless communication only takes place
between a central and a peripheral. This means that inherently the
Bluetooth LE star represents a hub and spokes link model.
Nevertheless, two peripherals may communicate through the central by
using IP routing functionality per this specification.
2.3. Bluetooth LE device addressing
Every Bluetooth LE device is identified by a 48-bit device address.
The Bluetooth specification describes the device address of a
Bluetooth LE device as:"Devices are identified using a device
address. Device addresses may be either a public device address or a
random device address." [BTCorev4.1]. The public device addresses
are based on the IEEE 802-2001 standard [IEEE802-2001]. The random
device addresses are generated as defined in the Bluetooth
specification. This typically happens at every power cycle of a
device. In random addresses all 48 bits are randomized. Bluetooth
LE does not support device address collision avoidance or detection.
However, these 48 bit random device addresses have a very small
probability of being in conflict within a typical deployment.
Nieminen, et al. Expires November 23, 2015 [Page 5]
Internet-Draft IPv6 over Bluetooth LE May 2015
2.4. Bluetooth LE packets sizes and MTU
Optimal MTU defined for L2CAP fixed channels over Bluetooth LE is 27
bytes including the L2CAP header of four bytes. Default MTU for
Bluetooth LE is hence defined to be 27 bytes. Therefore, excluding
L2CAP header of four bytes, protocol data unit (PDU) size of 23 bytes
is available for upper layers. In order to be able to transmit IPv6
packets of 1280 bytes or larger, link layer fragmentation and
reassembly solution is provided by the L2CAP layer. The IPSP defines
means for negotiating up a link-layer connection that provides MTU of
1280 bytes or higher for the IPv6 layer [IPSP]. The link-layer MTU
is negotiated separately for each direction. Implementations that
require single link-layer MTU value SHALL use the smallest of the
possibly different MTU values.
3. Specification of IPv6 over Bluetooth Low Energy
Bluetooth LE technology sets strict requirements for low power
consumption and thus limits the allowed protocol overhead. 6LoWPAN
standards [RFC6775], and [RFC6282] provide useful functionality for
reducing overhead, which are applied to Bluetooth LE. This
functionality comprises of link-local IPv6 addresses and stateless
IPv6 address autoconfiguration (see Section 3.2.1), Neighbor
Discovery (see Section 3.2.2) and header compression (see
Section 3.2.3). Fragmentation features from 6LoWPAN standards are
not used due Bluetooth LE's link layer fragmentation support (see
Section 2.4).
A significant difference between IEEE 802.15.4 and Bluetooth LE is
that the former supports both star and mesh topology (and requires a
routing protocol), whereas Bluetooth LE does not currently support
the formation of multihop networks at the link layer. However,
inter- peripheral communication through the central is enabled by
using IP routing functionality per this specification.
In Bluetooth LE a central node is assumed to be less constrained than
a peripheral node. Hence, in the primary deployment scenario central
and peripheral will act as 6LoWPAN Border Router (6LBR) and a 6LoWPAN
Node (6LN), respectively.
Before any IP-layer communications can take place over Bluetooth LE,
Bluetooth LE enabled nodes such as 6LNs and 6LBRs have to find each
other and establish a suitable link-layer connection. The discovery
and Bluetooth LE connection setup procedures are documented by
Bluetooth SIG in the IPSP specification [IPSP].
In the rare case of Bluetooth LE random device address conflict, a
6LBR can detect multiple 6LNs with the same Bluetooth LE device
Nieminen, et al. Expires November 23, 2015 [Page 6]
Internet-Draft IPv6 over Bluetooth LE May 2015
address, as well as a 6LN with the same Bluetooth LE address as the
6LBR. The 6LBR MUST ignore 6LNs with the same device address the
6LBR has, and the 6LBR MUST have at most one connection for a given
Bluetooth LE device address at any given moment. This will avoid
addressing conflicts within a Bluetooth LE network. The IPSP depends
on Bluetooth version 4.1, and hence both Bluetooth version 4.1, or
newer, and IPSP version 1.0, or newer, are required for IPv6
communications.
3.1. Protocol stack
Figure 3 illustrates how IPv6 stack works in parallel to GATT stack
on top of Bluetooth LE L2CAP layer. GATT stack is needed herein for
discovering nodes supporting Internet Protocol Support Service. UDP
and TCP are provided as examples of transport protocols, but the
stack can be used by any other upper layer protocol capable of
running atop of IPv6.
+---------+ +----------------------------+
| IPSS | | UDP/TCP/other |
+---------+ +----------------------------+
| GATT | | IPv6 |
+---------+ +----------------------------+
| ATT | | 6LoWPAN for Bluetooth LE |
+---------+--+----------------------------+
| Bluetooth LE L2CAP |
- - +-----------------------------------------+- - - HCI
| Bluetooth LE Link Layer |
+-----------------------------------------+
| Bluetooth LE Physical |
+-----------------------------------------+
Figure 3: IPv6 and IPSS on Bluetooth LE Stack
3.2. Link model
The concept of IPv6 link (layer 3) and the physical link (combination
of PHY and MAC) needs to be clear and the relationship has to be well
understood in order to specify the addressing scheme for transmitting
IPv6 packets over the Bluetooth LE link. RFC 4861 [RFC4861] defines
a link as "a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer immediately below
IPv6."
In the case of Bluetooth LE, 6LoWPAN layer is adapted to support
transmission of IPv6 packets over Bluetooth LE. The IPSP defines all
steps required for setting up the Bluetooth LE connection over which
6LoWPAN can function [IPSP], including handling the link-layer
Nieminen, et al. Expires November 23, 2015 [Page 7]
Internet-Draft IPv6 over Bluetooth LE May 2015
fragmentation required on Bluetooth LE, as described in Section 2.4.
Even though MTUs larger than 1280 bytes can be supported, use of 1280
byte is RECOMMENDED in order to avoid need for Path MTU discovery
procedures.
While Bluetooth LE protocols, such as L2CAP, utilize little-endian
byte orderering, IPv6 packets MUST be transmitted in big endian order
(network byte order).
Per this specification, the IPv6 header compression format specified
in RFC 6282 MUST be used [RFC6282]. The IPv6 payload length can be
derived from the L2CAP header length and the possibly elided IPv6
address can be reconstructed from the link-layer address, used at the
time of Bluetooth LE connection establishment, from the HCI
Connection Handle during connection, compression context if any, and
from address registration information (see Section 3.2.2).
Bluetooth LE connections used to build a star topology are point-to-
point in nature, as Bluetooth broadcast features are not used for
IPv6 over Bluetooth LE (except for discovery of nodes supporting
IPSS). As the IPv6 over Bluetooth LE is intended for constrained
nodes, and for Internet of Things use cases and environments,
multilink model's benefits are considered to overweight multilink
model's drawbacks described in RFC 4903 [RFC4903]. Hence a multilink
model has been chosen, as further illustrated in Section 3.3.
Because of this, link-local multicast communications can happen only
within a single Bluetooth LE connection, and thus 6LN-to-6LN
communications using link-local addresses are not possible. 6LNs
connected to the same 6LBR has to communicate with each other by
using the shared prefix used on the subnet. The 6LBR ensures address
collisions do not occur (see Section 3.2.2) and forwards packets sent
by one 6LN to another.
After the peripheral and central have connected at the Bluetooth LE
level, the link can be considered up and IPv6 address configuration
and transmission can begin.
3.2.1. Stateless address autoconfiguration
At network interface initialization, both 6LN and 6LBR SHALL generate
and assign to the Bluetooth LE network interface IPv6 link-local
addresses [RFC4862] based on the 48-bit Bluetooth device addresses
(see Section 2.3) that were used for establishing underlying
Bluetooth LE connection. Following guidance of [RFC7136], a 64-bit
Interface Identifier (IID) is formed from 48-bit Bluetooth device
address by inserting two octets, with hexadecimal values of 0xFF and
0xFE in the middle of the 48-bit Bluetooth device address as shown in
Figure 4. In the Figure letter 'b' represents a bit from Bluetooth
Nieminen, et al. Expires November 23, 2015 [Page 8]
Internet-Draft IPv6 over Bluetooth LE May 2015
device address, copied as is without any changes on any bit. This
means that no bit in IID indicates whether the underlying Bluetooth
device address is public or random.
|0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|bbbbbbbbbbbbbbbb|bbbbbbbb11111111|11111110bbbbbbbb|bbbbbbbbbbbbbbbb|
+----------------+----------------+----------------+----------------+
Figure 4: Formation of IID from Bluetooth device adddress
The IID is then appended with prefix fe80::/64, as described in RFC
4291 [RFC4291] and as depicted in Figure 5. The same link-local
address SHALL be used for the lifetime of the Bluetooth LE L2CAP
channel. (After Bluetooth LE logical link has been established, it
is referenced with a Connection Handle in HCI. Thus possibly
changing device addresses do not impact data flows within existing
L2CAP channel. Hence there is no need to change IPv6 link-local
addresses even if devices change their random device addresses during
L2CAP channel lifetime).
10 bits 54 bits 64 bits
+----------+-----------------+----------------------+
|1111111010| zeros | Interface Identifier |
+----------+-----------------+----------------------+
Figure 5: IPv6 link-local address in Bluetooth LE
A 6LN MUST join the all-nodes multicast address. There is no need
for 6LN to join the solicited-node multicast address, since 6LBR will
know device addresses and hence link-local addresses of all connected
6LNs. The 6LBR will ensure no two devices with the same Bluetooth LE
device address are connected at the same time. Effectively duplicate
address detection for link-local addresses is performed by the 6LBR's
software responsible of discovery of IP-enabled Bluetooth LE nodes
and of starting Bluetooth LE connection establishment procedures.
This approach increases complexity of 6LBR, but reduces power
consumption on both 6LN and 6LBR at link establishment phase by
reducing number of mandatory packet transmissions.
After link-local address configuration, 6LN sends Router Solicitation
messages as described in [RFC4861] Section 6.3.7.
Nieminen, et al. Expires November 23, 2015 [Page 9]
Internet-Draft IPv6 over Bluetooth LE May 2015
For non-link-local addresses a 64-bit IID MAY be formed by utilizing
the 48-bit Bluetooth device address. A 6LN can also use a randomly
generated IID (see Section 3.2.2), for example, as discussed in
[I-D.ietf-6man-default-iids], or use alternatice schemes such as
Cryptographically Generated Addresses (CGA) [RFC3972], privacy
extensions [RFC4941], Hash-Based Addresses (HBA, [RFC5535]), or
DHCPv6 [RFC3315]. The non-link-local addresses 6LN generates MUST be
registered with 6LBR as described in Section 3.2.2.
The tool for a 6LBR to obtain an IPv6 prefix for numbering the
Bluetooth LE network is out of scope of this document, but can be,
for example, accomplished via DHCPv6 Prefix Delegation [RFC3633] or
by using Unique Local IPv6 Unicast Addresses (ULA) [RFC4193]. Due to
the link model of the Bluetooth LE (see Section 2.2) the 6LBR MUST
set the "on-link" flag (L) to zero in the Prefix Information Option
[RFC4861]. This will cause 6LNs to always send packets to the 6LBR,
including the case when the destination is another 6LN using the same
prefix.
3.2.2. Neighbor discovery
'Neighbor Discovery Optimization for IPv6 over Low-Power Wireless
Personal Area Networks (6LoWPANs)' [RFC6775] describes the neighbor
discovery approach as adapted for use in several 6LoWPAN topologies,
including the mesh topology. Bluetooth LE does not support mesh
networks and hence only those aspects that apply to a star topology
are considered.
The following aspects of the Neighbor Discovery optimizations
[RFC6775] are applicable to Bluetooth LE 6LNs:
1. A Bluetooth LE 6LN MUST NOT register its link-local address. A
Bluetooth LE 6LN MUST register its non-link-local addresses with the
6LBR by sending a Neighbor Solicitation (NS) message with the Address
Registration Option (ARO) and process the Neighbor Advertisement (NA)
accordingly. The NS with the ARO option MUST be sent irrespective of
the method used to generate the IID. If the 6LN registers for a same
compression context multiple addresses that are not based on
Bluetooth device address, the header compression efficiency will
decrease (see Section 3.2.3).
2. For sending Router Solicitations and processing Router
Advertisements the Bluetooth LE 6LNs MUST, respectively, follow
Sections 5.3 and 5.4 of the [RFC6775].
Nieminen, et al. Expires November 23, 2015 [Page 10]
Internet-Draft IPv6 over Bluetooth LE May 2015
3.2.3. Header compression
Header compression as defined in RFC 6282 [RFC6282], which specifies
the compression format for IPv6 datagrams on top of IEEE 802.15.4, is
REQUIRED in this document as the basis for IPv6 header compression on
top of Bluetooth LE. All headers MUST be compressed according to RFC
6282 [RFC6282] encoding formats.
The Bluetooth LE's star topology structure and ARO can be exploited
in order to provide a mechanism for address compression. The
following text describes the principles of IPv6 address compression
on top of Bluetooth LE.
The ARO option requires use of EUI-64 identifier [RFC6775]. In the
case of Bluetooth LE, the field SHALL be filled with the 48-bit
device address used by the Bluetooth LE node converted into 64-bit
Modified EUI-64 format [RFC4291].
To enable efficient header compression, the 6LBR MUST include 6LoWPAN
Context Option (6CO) [RFC6775] for all prefixes the 6LBR advertises
in Router Advertisements for use in stateless address
autoconfiguration.
When a 6LN is sending a packet to or through a 6LBR, it MUST fully
elide the source address if it is a link-local address. A non-link-
local source address 6LN has registered with ARO to the 6LBR for the
indicated prefix MUST be fully elided if the source address is the
latest address 6LN has registered for the indicated prefix. If a
source non-link-local address is not the latest registered, then the
64-bits of the IID SHALL be fully carried in-line (SAC=01) or if the
first 48-bits of the IID match with the latest registered address,
then the last 16-bits of the IID SHALL be carried in-line (SAC=10).
That is, if SAC=0 and SAM=11 the 6LN MUST be using the link-local
IPv6 address derived from Bluetooth LE device address, and if SAC=1
and SAM=11 the 6LN MUST have registered the source IPv6 address with
the prefix related to compression context and the 6LN MUST be
referring to the latest registered address related to compression
context. The IPv6 address MUST be considered to be registered only
after the 6LBR has sent Neighbor Advertisement with ARO having status
field set to success. The destination IPv6 address MUST be fully
elided if the destination address is 6LBR's link-local-address based
on the 6LBR's Bluetooth device address (DAC=0, DAM=11). The
destination IPv6 address MUST be fully or partially elided if context
has been set up for the destination address. For example, DAC=0 and
DAM=01 when destination prefix is link-local, and DAC=1 and DAM=01 if
compression context has been configured for the used destination
prefix.
Nieminen, et al. Expires November 23, 2015 [Page 11]
Internet-Draft IPv6 over Bluetooth LE May 2015
1. Identification - refers to the identification of the users and
their objects.
2. Localization - relates to the capability of locating a user and
even tracking them.
3. Profiling - is about creating a profile of the user and their
preferences.
4. Interaction - occurs when a user has been profiled and a given
interaction is preferred, presenting (for example, visually) some
information that discloses private information.
5. Lifecycle transitions - take place when devices are, for example,
sold without properly removing private data.
6. Inventory attacks - happen if specific information about (smart)
objects in possession of a user is disclosed.
7. Linkage - is about when information of two of more IoT systems is
combined so that a broader view on the personal data is created.
When IoT systems are deployed, the above issues should be considered
to ensure that private data remains private. How to achieve this in
practice is still an area of ongoing research.
5.10. Data leakage
Many IoT devices are resource-constrained and often deployed in
unattended environments. Some of these devices can also be purchased
off-the-shelf or online without any credential-provisioning process.
Therefore, an attacker can have direct access to the device and apply
more advance techniques that a traditional black box model does not
consider such as side-channel attacks or code disassembly. By doing
this, the attacker can try to retrieve data such as:
1. long term keys that might be used perform attacks on devices
deployed in other locations.
2. source code that might let the user determine bugs or find
exploits to perform other types of attacks, or just sell it,
3. proprietary algorithms that could be counterfeited or modified to
perform advanced attacks.
Protection against such data leakage patterns is not trivial since
devices are inherently resource-constrained. An open question is
Garcia-Morchon, et al. Expires March 14, 2018 [Page 33]
Internet-Draft IoT Security September 2017
which techniques can be used to protect IoT devices in such an
adversarial model.
5.11. Trustworthy IoT Operation
Flaws in the design and implementation of a secure IoT device and
network can lead to secure vulnerabilities. An example is a flaw is
the distribution of an Internet-connected IoT device in which a
default password is used in all devices. Many IoT devices can be
found in the Internet by means of tools such as Shodan [shodan], and
if they have any vulnerability, it can then be exploited at scale,
for example, to launch DDoS attacks. This is not fiction but reality
as Dyn, a mayor DNS was attacked by means of a DDoS attack originated
from a large IoT botnet composed of thousands of compromised IP-
cameras [dyn-attack]. Open questions in this area are:
1. How to prevent large scale vulnerabilities in IoT devices?
2. How to prevent attackers from exploiting vulnerabilities in IoT
devices at large scale?
3. If the vulnerability has been exploited, how do we stop a large
scale attack before any damage is caused?
Some ideas are being explored to address this issue. One of this
approaches refers to the specification of Manufacturer Usage
Description (MUD) files [ID-MUD]. As explained earlier, this
proposal requires IoT devices to disclose the location of their MUD
file to the network during installation. The network can then (i)
retrieve those files, (ii) learn from the manufacturers the intended
usage of the devices, for example, which services they require to
access, and then (iii) create suitable filters such as firewall
rules.
6. Conclusions and Next Steps
This Internet Draft provides IoT security researchers, system
designers and implementers with an overview of both operational and
security requirements in the IP-based Internet of Things. We discuss
a general threat model, security challenges, and state-of-the-art to
mitigate security threats.
Although plenty of steps have been realized during the last few years
(summarized in Section 4.1) and many organizations are publishing
general recommendations (Section 4.3) describing how IoT should be
secured, there are many challenges ahead that require further
attention. Challenges of particular importance are bootstrapping of
security, group security, secure software updates, long-term security
Garcia-Morchon, et al. Expires March 14, 2018 [Page 34]
Internet-Draft IoT Security September 2017
and quantum-resistance, privacy protection, data leakage prevention -
where data could be cryptographic keys, personal data, or even
algorithms - and ensuring trustworthy IoT operation. All these
problems are important; however, different deployment environments
have different operational and security demands. Thus, a potential
approach is the definition and standardization of security profiles,
each with specific mitigation strategies according to the risk
assessment associated with the security profile. Such an approach
would ensure minimum security capabilities in different environments
while ensuring interoperability.
7. Security Considerations
This document reflects upon the requirements and challenges of the
security architectural framework for the Internet of Things.
8. IANA Considerations
This document contains no request to IANA.
9. Acknowledgments
We gratefully acknowledge feedback and fruitful discussion with
Tobias Heer, Robert Moskowitz, Thorsten Dahm, Hannes Tschofenig,
Barry Raveendran, Ari Keranen, Goran Selander, Fred Baker and Eliot
Lear. We acknowledge the additional authors of the previous version
of this document Sye Loong Keoh, Rene Hummen and Rene Struik.
10. Informative References
[Article29]
"Opinion 8/2014 on the on Recent Developments on the
Internet of Things", Web http://ec.europa.eu/justice/data-
protection/article-29/documentation/opinion-
recommendation/files/2014/wp223_en.pdf, n.d..
[AUTO-ID] "AUTO-ID LABS", Web http://www.autoidlabs.org/, September
2010.
[BACNET] "BACnet", Web http://www.bacnet.org/, February 2011.
[BITAG] "Internet of Things (IoT) Security and Privacy
Recommendations", Web http://www.bitag.org/report-
internet-of-things-security-privacy-recommendations.php,
n.d..
Garcia-Morchon, et al. Expires March 14, 2018 [Page 35]
Internet-Draft IoT Security September 2017
[cctv] "Backdoor In MVPower DVR Firmware Sends CCTV Stills To an
Email Address In China", Web
https://hardware.slashdot.org/story/16/02/17/0422259/
backdoor-in-mvpower-dvr-firmware-sends-cctv-stills-to-an-
email-address-in-china, n.d..
[CSA] "Security Guidance for Early Adopters of the Internet of
Things (IoT)", Web
https://downloads.cloudsecurityalliance.org/whitepapers/Se
curity_Guidance_for_Early_Adopters_of_the_Internet_of_Thin
gs.pdf, n.d..
[d2dsecurity]
Haus, M., Waqas, M., Ding, A., Li, Y., Tarkoma, S., and J.
Ott, "Security and Privacy in Device-to-Device (D2D)
Communication: A Review", IEEE Communications Surveys and
Tutorials , 2016.
[DALI] "DALI", Web http://www.dalibydesign.us/dali.html, February
2011.
[DHS] "Strategic Principles For Securing the Internet of Things
(IoT)", Web
https://www.dhs.gov/sites/default/files/publications/
Strategic_Principles_for_Securing_the_Internet_of_Things-
2016-1115-FINAL....pdf, n.d..
[dyn-attack]
"Dyn Analysis Summary Of Friday October 21 Attack", Web
https://dyn.com/blog/dyn-analysis-summary-of-friday-
october-21-attack/, n.d..
[ENISA_ICS]
"Communication network dependencies for ICS/SCADA
Systems", European Union Agency For Network And
Information Security , February 2017.
[ETSI_GR_QSC_001]
"Quantum-Safe Cryptography (QSC);Quantum-safe algorithmic
framework", European Telecommunications Standards
Institute (ETSI) , June 2016.
[Fairhair]
"Fairhair Alliance", Web https://www.fairhair-
alliance.org/, n.d..
[FCC] "Federal Communications Comssion Response 12-05-2016",
FCC , February 2016.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 36]
Internet-Draft IoT Security September 2017
[FTCreport]
"FTC Report on Internet of Things Urges Companies to Adopt
Best Practices to Address Consumer Privacy and Security
Risks", Web https://www.ftc.gov/news-events/press-
releases/2015/01/ftc-report-internet-things-urges-
companies-adopt-best-practices, n.d..
[GSMAsecurity]
"GSMA IoT Security Guidelines", Web
http://www.gsma.com/connectedliving/future-iot-networks/
iot-security-guidelines/, n.d..
[ID-6lonfc]
Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi,
"Transmission of IPv6 Packets over Near Field
Communication", draft-ietf-6lo-nfc-07 (work in progress),
June 2017.
[ID-6tisch]
Thubert, P., "An Architecture for IPv6 over the TSCH mode
of IEEE 802.15.4", draft-ietf-6tisch-architecture-12 (work
in progress), August 2017.
[ID-acedtls]
Gerdes, S., Bergmann, O., Bormann, C., Selander, G., and
L. Seitz, "Datagram Transport Layer Security (DTLS)
Profile for Authentication and Authorization for
Constrained Environments (ACE)", draft-ietf-ace-dtls-
authorize-01 (work in progress), July 2017.
[ID-aceoauth]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
H. Tschofenig, "Authentication and Authorization for
Constrained Environments (ACE)", draft-ietf-ace-oauth-
authz-07 (work in progress), August 2017.
[ID-bootstrap]
Sarikaya, B., Sethi, M., and A. Sangi, "Secure IoT
Bootstrapping: A Survey", draft-sarikaya-t2trg-
sbootstrapping-03 (work in progress), February 2017.
[ID-c2pq] Hoffman, P., "The Transition from Classical to Post-
Quantum Cryptography", draft-hoffman-c2pq-02 (work in
progress), August 2017.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 37]When a 6LBR is transmitting packets to 6LN, it MUST fully elide the
source IID if the source IPv6 address is the link-local address based
on 6LBR's Bluetooth device address (SAC=0, SAM=11), and it MUST elide
the source prefix or address if a compression context related to the
IPv6 source address has been set up. The 6LBR also MUST fully elide
the destination IPv6 address if it is the link-local-address based on
6LN's Bluetooth device address (DAC=0, DAM=11), or if the destination
address is the latest registered by the 6LN with ARO for the
indicated context (DAC=1, DAM=11). If the destination address is a
non-link-local address and not the latest registered, then 6LN MUST
either include the IID part fully in-line (DAM=01) or, if the first
48-bits of IID match to the latest registered address, then elide
those 48-bits (DAM=10).
3.2.3.1. Remote destination example
When a 6LN transmits an IPv6 packet to a remote destination using
global Unicast IPv6 addresses, if a context is defined for the 6LN's
global IPv6 address, the 6LN has to indicate this context in the
corresponding source fields of the compressed IPv6 header as per
Section 3.1 of RFC 6282 [RFC6282], and has to elide the full IPv6
source address previously registered with ARO (if using the latest
registered address, otherwise full or part of IID may have to be
transmitted in-line). For this, the 6LN MUST use the following
settings in the IPv6 compressed header: SAC=1 and SAM=11. The CID
may be set 0 or 1, depending which context is used. In this case,
the 6LBR can infer the elided IPv6 source address since 1) the 6LBR
has previously assigned the prefix to the 6LNs; and 2) the 6LBR
maintains a Neighbor Cache that relates the Device Address and the
IID the device has registered with ARO. If a context is defined for
the IPv6 destination address, the 6LN has to also indicate this
context in the corresponding destination fields of the compressed
IPv6 header, and elide the prefix of or the full destination IPv6
address. For this, the 6LN MUST set the DAM field of the compressed
IPv6 header as DAM=01 (if the context covers a 64-bit prefix) or as
DAM=11 (if the context covers a full, 128-bit address). DAC MUST be
set to 1. Note that when a context is defined for the IPv6
destination address, the 6LBR can infer the elided destination prefix
by using the context.
When a 6LBR receives an IPv6 packet sent by a remote node outside the
Bluetooth LE network, and the destination of the packet is a 6LN, if
a context is defined for the prefix of the 6LN's global IPv6 address,
the 6LBR has to indicate this context in the corresponding
destination fields of the compressed IPv6 header. The 6LBR has to
elide the IPv6 destination address of the packet before forwarding
it, if the IPv6 destination address is inferable by the 6LN. For
this, the 6LBR will set the DAM field of the IPv6 compressed header
Nieminen, et al. Expires November 23, 2015 [Page 12]
Internet-Draft IPv6 over Bluetooth LE May 2015
as DAM=11 (if the address is the latest 6LN has registered). DAC
needs to be set to 1. If a context is defined for the IPv6 source
address, the 6LBR needs to indicate this context in the source fields
of the compressed IPv6 header, and elide that prefix as well. For
this, the 6LBR needs to set the SAM field of the IPv6 compressed
header as SAM=01 (if the context covers a 64-bit prefix) or SAM=11
(if the context covers a full, 128-bit address). SAC is to be set to
1.
3.2.3.2. Example of registration of multiple-addresses
As described above, a 6LN can register multiple non-link-local
addresses that map to a same compression context. From the multiple
address registered, only the latest address can be fully elided
(SAM=11, DAM=11), and the IIDs of previously registered addresses
have to be transmitted fully in-line (SAM=01, DAM=01) or in the best
case can be partially elided (SAM=10, DAM=10). This is illustred in
an example below.
1) A 6LN registers first address 2001:db8::1111:2222:3333:4444 to a
6LBR. At this point the address can be fully elided using SAC=1/
SAM=11 or DAC=1/DAM=11.
2) The 6LN registers second address 2001:db8::1111:2222:3333:5555 to
the 6LBR. As the second address is now the latest registered, it can
be fully elided using SAC=1/SAM=11 or DAC=1/DAM=11. The first
address can now be partially elided using SAC=1/SAM=10 or DAC=1/
DAM=10, as the first 112 bits of the address are the same between the
first and the second registered addresses.
3) Expiration of registration time for the first or the second
address has no impact on the compression. Hence even if secondly
registered address expires, the first address can only be partially
elided (SAC=1/SAM=10, DAC=1/DAM=10). The 6LN can register a new
address, or re-register an expired address, to become able to again
fully elide an address.
3.2.4. Unicast and Multicast address mapping
The Bluetooth LE link layer does not support multicast. Hence
traffic is always unicast between two Bluetooth LE nodes. Even in
the case where a 6LBR is attached to multiple 6LNs, the 6LBR cannot
do a multicast to all the connected 6LNs. If the 6LBR needs to send
a multicast packet to all its 6LNs, it has to replicate the packet
and unicast it on each link. However, this may not be energy-
efficient and particular care must be taken if the central is
battery-powered. In the opposite direction, a 6LN always has to send
packets to or through 6LBR. Hence, when a 6LN needs to transmit an
Nieminen, et al. Expires November 23, 2015 [Page 13]
Internet-Draft IPv6 over Bluetooth LE May 2015
IPv6 multicast packet, the 6LN will unicast the corresponding
Bluetooth LE packet to the 6LBR.
3.3. Subnets and Internet connectivity scenarios
In a typical scenario, the Bluetooth LE network is connected to the
Internet as shown in the Figure 6. In this scenario, the Bluetooth
LE star is deployed as one subnet, using one /64 IPv6 prefix, with
each spoke representing individual link. The 6LBR is acting as
router and forwarding packets between 6LNs and to and from Internet.
/
.---------------. /
/ 6LN \ /
/ \ \ /
| \ | /
| 6LN ----------- 6LBR ----- | Internet
| <--Link--> / | \
\ / / \
\ 6LN / \
'---------------' \
\
<------ Subnet -----><-- IPv6 connection -->
to Internet
Figure 6: Bluetooth LE network connected to the Internet
In some scenarios, the Bluetooth LE network may transiently or
permanently be an isolated network as shown in the Figure 7. In this
case the whole star consist of a single subnet with multiple links,
where 6LBR is at central routing packets between 6LNs.
Nieminen, et al. Expires November 23, 2015 [Page 14]
Internet-Draft IPv6 over Bluetooth LE May 2015
.-------------------.
/ \
/ 6LN 6LN \
/ \ / \
| \ / |
| 6LN --- 6LBR --- 6LN |
| / \ |
\ / \ /
\ 6LN 6LN /
\ /
'-------------------'
<--------- Subnet ---------->
Figure 7: Isolated Bluetooth LE network
It is also possible to have point-to-point connection between two
6LNs, one of which being central and another being peripheral.
Similarly, it is possible to have point-to-point connections between
two 6LBRs, one of which being central and another being peripheral.
At this point in time mesh networking with Bluetooth LE is not
specified.
4. IANA Considerations
There are no IANA considerations related to this document.
5. Security Considerations
The transmission of IPv6 over Bluetooth LE links has similar
requirements and concerns for security as for IEEE 802.15.4.
Bluetooth LE Link Layer security considerations are covered by the
IPSP [IPSP].
Bluetooth LE Link Layer supports encryption and authentication by
using the Counter with CBC-MAC (CCM) mechanism [RFC3610] and a
128-bit AES block cipher. Upper layer security mechanisms may
exploit this functionality when it is available. (Note: CCM does not
consume bytes from the maximum per-packet L2CAP data size, since the
link layer data unit has a specific field for them when they are
used.)
Key management in Bluetooth LE is provided by the Security Manager
Protocol (SMP), as defined in [BTCorev4.1].
The IPv6 link-local address configuration described in Section 3.2.1
strictly binds the privacy level of IPv6 link-local address to the
privacy level device has selected for the Bluetooth LE. This means
Nieminen, et al. Expires November 23, 2015 [Page 15]
Internet-Draft IPv6 over Bluetooth LE May 2015
that a device using Bluetooth privacy features will retain the same
level of privacy with generated IPv6 link-local addresses.
Respectively, device not using privacy at Bluetooth level will not
have privacy at IPv6 link-local address either. For non-link local
addresses implementations have a choice to support, for example,
[I-D.ietf-6man-default-iids], [RFC3972], [RFC4941] or [RFC5535].
6. Additional contributors
Kanji Kerai, Jari Mutikainen, David Canfeng-Chen and Minjun Xi from
Nokia have contributed significantly to this document.
7. Acknowledgements
The Bluetooth, Bluetooth Smart and Bluetooth Smart Ready marks are
registred trademarks owned by Bluetooth SIG, Inc.
Samita Chakrabarti, Brian Haberman, Marcel De Kogel, Jouni Korhonen,
Erik Nordmark, Erik Rivard, Dave Thaler, Pascal Thubert, and Victor
Zhodzishsky have provided valuable feedback for this draft.
Authors would like to give special acknowledgements for Krishna
Shingala, Frank Berntsen, and Bluetooth SIG's Internet Working Group
for providing significant feedback and improvement proposals for this
document.
8. References
8.1. Normative References
[BTCorev4.1]
Bluetooth Special Interest Group, "Bluetooth Core
Specification Version 4.1", December 2013,
<https://www.bluetooth.org/en-us/specification/adopted-
specifications>.
[IPSP] Bluetooth Special Interest Group, "Bluetooth Internet
Protocol Support Profile Specification Version 1.0.0",
December 2014, <https://www.bluetooth.org/en-
us/specification/adopted-specifications>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
Nieminen, et al. Expires November 23, 2015 [Page 16]
Internet-Draft IPv6 over Bluetooth LE May 2015
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, September 2007.
[RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6
Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
September 2011.
[RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann,
"Neighbor Discovery Optimization for IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs)", RFC 6775,
November 2012.
[RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6
Interface Identifiers", RFC 7136, February 2014.
8.2. Informative References
[I-D.ietf-6man-default-iids]
Gont, F., Cooper, A., Thaler, D., and S. LIU,
"Recommendation on Stable IPv6 Interface Identifiers",
draft-ietf-6man-default-iids-03 (work in progress), May
2015.
[IEEE802-2001]
Institute of Electrical and Electronics Engineers (IEEE),
"IEEE 802-2001 Standard for Local and Metropolitan Area
Networks: Overview and Architecture", 2002.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with
CBC-MAC (CCM)
Internet-Draft IoT Security September 2017
[ID-Daniel]
Park, S., Kim, K., Haddad, W., Chakrabarti, S., and J.
Laganier, "IPv6 over Low Power WPAN Security Analysis",
draft-daniel-6lowpan-security-analysis-05 (work in
progress), March 2011.
[ID-dietesp]
Migault, D., Guggemos, T., and C. Bormann, "Diet-ESP: a
flexible and compressed format for IPsec/ESP", draft-mglt-
6lo-diet-esp-02 (work in progress), July 2016.
[ID-HIP-DEX]
Moskowitz, R., "HIP Diet EXchange (DEX)", draft-moskowitz-
hip-rg-dex-06 (work in progress), May 2012.
[ID-Moore]
Moore, K., Barnes, R., and H. Tschofenig, "Best Current
Practices for Securing Internet of Things (IoT) Devices",
draft-moore-iot-security-bcp-01 (work in progress), July
2017.
[ID-MUD] Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage
Description Specification", draft-ietf-opsawg-mud-08 (work
in progress), August 2017.
[ID-Nikander]
Nikander, P. and J. Melen, "A Bound End-to-End Tunnel
(BEET) mode for ESP", draft-nikander-esp-beet-mode-09
(work in progress), August 2008.
[ID-OSCOAP]
Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
"Object Security of CoAP (OSCOAP)", draft-ietf-core-
object-security-04 (work in progress), July 2017.
[ID-rd] Shelby, Z., Koster, M., Bormann, C., Stok, P., and C.
Amsuess, "CoRE Resource Directory", draft-ietf-core-
resource-directory-11 (work in progress), July 2017.
[ID-senml]
Jennings, C., Shelby, Z., Arkko, J., Keranen, A., and C.
Bormann, "Media Types for Sensor Measurement Lists
(SenML)", draft-ietf-core-senml-10 (work in progress),
July 2017.
[ID-Williams]
Williams, M. and J. Barrett, "Mobile DTLS", draft-barrett-
mobile-dtls-00 (work in progress), March 2009.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 38]
Internet-Draft IoT Security September 2017
[IEEE802ah]
"Status of Project IEEE 802.11ah, IEEE P802.11- Task Group
AH-Meeting Update.",
Web http://www.ieee802.org/11/Reports/tgah_update.htm,
n.d..
[IIoT] "Industrial Internet Consortium",
Web http://www.iiconsortium.org/, n.d..
[IoTSecFoundation]
"Establishing Principles for Internet of Things Security",
Web https://iotsecurityfoundation.org/establishing-
principles-for-internet-of-things-security/, n.d..
[iotsu] "Patching the Internet of Things: IoT Software Update
Workshop 2016", Web
https://www.ietf.org/blog/2016/07/patching-the-internet-
of-things-iot-software-update-workshop-2016/, n.d..
[IPSO] "IPSO Alliance", Web http://www.ipso-alliance.org, n.d..
[lora] "LoRa - Wide Area Networks for IoT", Web https://www.lora-
alliance.org/, n.d..
[LWM2M] "OMA LWM2M", Web http://openmobilealliance.org/iot/
lightweight-m2m-lwm2m, n.d..
[nbiot] "NarrowBand IoT", Web
http://www.3gpp.org/ftp/tsg_ran/TSG_RAN/TSGR_69/Docs/
RP-151621.zip, n.d..
[NHTSA] "Cybersecurity Best Practices for Modern Vehicles", Web
https://www.nhtsa.gov/staticfiles/nvs/
pdf/812333_CybersecurityForModernVehicles.pdf, n.d..
[NIST-Guide]
Ross, R., McEvilley, M., and J. Oren, "Systems Security
Engineering", Web
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-160.pdf, n.d..
[NIST-SP80053]
"Security and Privacy Controls for Federal Information
Systems and Organizations",
Web http://dx.doi.org/10.6028/NIST.SP.800-53r4, n.d..
Garcia-Morchon, et al. Expires March 14, 2018 [Page 39]
Internet-Draft IoT Security September 2017
[nist_lightweight_project]
"NIST lightweight Project", Web www.nist.gov/programs-
projects/lightweight-cryptography,
www.nist.gov/sites/default/files/documents/2016/10/17/
sonmez-turan-presentation-lwc2016.pdf, n.d..
[OCF] "Open Connectivity Foundation",
Web https://openconnectivity.org/, n.d..
[OneM2M] "OneM2M", Web http://www.onem2m.org/, n.d..
[OWASP] "IoT Security Guidance",
Web https://www.owasp.org/index.php/IoT_Security_Guidance,
n.d..
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000, <https://www.rfc-
editor.org/info/rfc2818>.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, Ed., "Extensible Authentication Protocol
(EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004,
<https://www.rfc-editor.org/info/rfc3748>.
[RFC3756] Nikander, P., Ed., Kempf, J., and E. Nordmark, "IPv6
Neighbor Discovery (ND) Trust Models and Threats",
RFC 3756, DOI 10.17487/RFC3756, May 2004,
<https://www.rfc-editor.org/info/rfc3756>.
[RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain
Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August
2004, <https://www.rfc-editor.org/info/rfc3833>.
[RFC4016] Parthasarathy, M., "Protocol for Carrying Authentication
and Network Access (PANA) Threat Analysis and Security
Requirements", RFC 4016, DOI 10.17487/RFC4016, March 2005,
<https://www.rfc-editor.org/info/rfc4016>.
[RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to
Protect Firmware Packages", RFC 4108,
DOI 10.17487/RFC4108, August 2005, <https://www.rfc-
editor.org/info/rfc4108>.
[RFC4555] Eronen, P., "IKEv2 Mobility and Multihoming Protocol
(MOBIKE)", RFC 4555, DOI 10.17487/RFC4555, June 2006,
<https://www.rfc-editor.org/info/rfc4555>.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 40]
Internet-Draft IoT Security September 2017
[RFC4621] Kivinen, T. and H. Tschofenig, "Design of the IKEv2
Mobility and Multihoming (MOBIKE) Protocol", RFC 4621,
DOI 10.17487/RFC4621, August 2006, <https://www.rfc-
editor.org/info/rfc4621>.
[RFC4738] Ignjatic, D., Dondeti, L., Audet, F., and P. Lin, "MIKEY-
RSA-R: An Additional Mode of Key Distribution in
Multimedia Internet KEYing (MIKEY)", RFC 4738,
DOI 10.17487/RFC4738, November 2006, <https://www.rfc-
editor.org/info/rfc4738>.
[RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
over Low-Power Wireless Personal Area Networks (6LoWPANs):
Overview, Assumptions, Problem Statement, and Goals",
RFC 4919, DOI 10.17487/RFC4919, August 2007,
<https://www.rfc-editor.org/info/rfc4919>.
[RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
"Transmission of IPv6 Packets over IEEE 802.15.4
Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007,
<https://www.rfc-editor.org/info/rfc4944>.
[RFC5191] Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H.,
and A. Yegin, "Protocol for Carrying Authentication for
Network Access (PANA)", RFC 5191, DOI 10.17487/RFC5191,
May 2008, <https://www.rfc-editor.org/info/rfc5191>.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246,
DOI 10.17487/RFC5246, August 2008, <https://www.rfc-
editor.org/info/rfc5246>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, DOI 10.17487/RFC5652, September 2009,
<https://www.rfc-editor.org/info/rfc5652>.
[RFC5713] Moustafa, H., Tschofenig, H., and S. De Cnodder, "Security
Threats and Security Requirements for the Access Node
Control Protocol (ANCP)", RFC 5713, DOI 10.17487/RFC5713,
January 2010, <https://www.rfc-editor.org/info/rfc5713>.
[RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a
Prime (ECP Groups) for IKE and IKEv2", RFC 5903,
DOI 10.17487/RFC5903, June 2010, <https://www.rfc-
editor.org/info/rfc5903>.
Garcia-Morchon, et al. Expires March 14, 2018 [Page 41]
Internet-Draft IoT Security September 2017
[RFC6272] Baker, F. and D. Meyer, "Internet Protocols for the Smart
Grid", RFC 6272, DOI 10.17487/RFC6272, June 2011,
<https://www.rfc-editor.org/info/rfc6272>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <https://www.rfc-editor.org/info/rfc6347>.
[RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks", RFC 6550,
DOI 10.17487/RFC6550, March 2012, <https://www.rfc-
editor.org/info/rfc6550>.
[RFC6551] Vasseur, JP., Ed., Kim, M., Ed., Pister, K., Dejean, N.,
and D. Barthel, "Routing Metrics Used for Path Calculation
in Low-Power and Lossy Networks", RFC 6551,
DOI 10.17487/RFC6551, March 2012, <https://www.rfc-
editor.org/info/rfc6551>.
[RFC6568] Kim, E., Kaspar, D., and JP. Vasseur, "Design and
Application Spaces for IPv6 over Low-Power Wireless
Personal Area Networks (6LoWPANs)", RFC 6568,
DOI 10.17487/RFC6568, April 2012, <https://www.rfc-
editor.org/info/rfc6568>.
[RFC6690] Shelby, Z., &", RFC 3610, September 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003.
[RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)",
RFC 3972, March 2005.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005.
Nieminen, et al. Expires November 23, 2015 [Page 17]
Internet-Draft IPv6 over Bluetooth LE May 2015
[RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903, June
2007.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
"Transmission of IPv6 Packets over IEEE 802.15.4
Networks", RFC 4944, September 2007.
[RFC5535] Bagnulo, M., "Hash-Based Addresses (HBA)", RFC 5535, June
2009.
Authors' Addresses
Johanna Nieminen
Nokia
Email: johannamaria.nieminen@gmail.com
Teemu Savolainen
Nokia
Visiokatu 3
Tampere 33720
Finland
Email: teemu.savolainen@nokia.com
Markus Isomaki
Nokia
Otaniementie 19
Espoo 02150
Finland
Email: markus.isomaki@nokia.com
Basavaraj Patil
AT&T
1410 E. Renner Road
Richardson, TX 75082
USA
Email: basavaraj.patil@att.com
Nieminen, et al. Expires November 23, 2015 [Page 18]
Internet-Draft IPv6 over Bluetooth LE May 2015
Zach Shelby
Arm
Hallituskatu 13-17D
Oulu 90100
Finland
Email: zach.shelby@arm.com
Carles Gomez
Universitat Politecnica de Catalunya/i2CAT
C/Esteve Terradas, 7
Castelldefels 08860
Spain
Email: carlesgo@entel.upc.edu
Nieminen, et al. Expires November 23, 2015 [Page 19]